by m_herrlich 2205 days ago
The apple endpoint returned an apple-signed jwt with an email of the attacker's choice in the sub field. It didn't even have to be an email associated with an apple id. Relying parties verify the id_token against Apple's cert and that is Apple's guarantee that the email is correct.
1 comment

The sub field does not contain an email address in SiwA.